configpolicy/roles/pxe/tasks/main.yml

- name: ensure pxeadmins group exists
  group:
    name: pxeadmins
    state: present
  tags:
  - group

- name: ensure pxeadmins can write to tftpboot directory
  acl:
    path: /var/lib/tftpboot
    entity: pxeadmins
    etype: group
    permissions: rwX
    recursive: True
    default: '{{ item == "default" }}'
    state: present
  loop:
  - default
  - current
  tags:
  - permissions

- name: ensure pxeadmins can write to nbd directory
  acl:
    path: /var/lib/nbd
    entity: pxeadmins
    etype: group
    permissions: rwX
    recursive: True
    default: '{{ item == "default" }}'
    state: present
  loop:
  - default
  - current
  tags:
  - permissions